package cn.edu.zjusc.Security;

import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;

/**
 * 供EJB WebService方法使用的权限拦截器
 * 判断是否是学生权限
 * @author Tr0j4n
 *
 */
public class StudentProfileInterceptor {
	@AroundInvoke
	public Object identifyToken(InvocationContext invocation) throws Exception{
		UserCave uc=null;
		for(Object obj:invocation.getParameters()){
			//发现参数里有权限验证信息
			if(obj.getClass().equals(UserCave.class)){
				uc=(UserCave)obj;
			}
		}
		//有权限验证，去验证
		if(uc!=null){
			boolean result=Authentication.checkIsStudent(uc);
			//验证通过
			if(result){
				return invocation.proceed();
			}
			else   //验证不通过
			{
				throw new Exception("oops");
			}
		}
		else{
			throw new Exception("oops");
		}
	}
}
